Have you ever wondered what it would be like if your business was the victim of a ransomware attack? Do you have concerns about how well protected your organization is to prevent this threat or detect it once it happens? We’ve put together a step-by-step scenario of a typical ransomware attack and a checklist of things that you can do to prevent an attack from occurring.
“I Can’t Open This File!”
It all begins with a call to your Help Desk from a user who complains that they can’t access their documents. Your support technician instructs the user to reboot their machine, thinking that it may be a network connectivity issue, but then your technician receives four more calls within half an hour from other users complaining of the same problem.
- Do you have an incident response plan to quickly isolate and respond to threats?
- Is your level 1 help desk aware of your IR plan and trained in how to activate it?
“Oh no, Ransomware!”
After the initial investigation, your help desk technician determines that you are the victim of a ransomware attack. All the files on your central file server are encrypted. You log into your backup server to begin the recovery process, but soon realize that your backup server has been encrypted as well. You begin to wonder how this attack got into your network and how far it has spread.
- Do you have a central log management system to search logs across multiple tools to look for signs of infection?
- Do you have an email filtering solution that allows you to search for suspicious messages or patterns?
- Do you have up to date anti-virus running on all systems in your environment, sending logs and events back to a central server?
“The Recovery Begins!”
Luckily, you are able to find some old backup tapes from one month ago and begin the process of recovering that data. Your anti-virus and firewall logs show you how the infection came into the environment and you isolate the 5 machines that were infected. The slow process of restoring data and recovering from the incident begins.
- Do you have offline or isolated backups that are protected from network attacks?
- Do you have a documented and tested disaster recovery plan?
Although it is possible to recover from a ransomware attack, it is always easier to prevent! According to Ponemon Institute, the average cost of a ransomware attack is 5 million dollars. The time that it takes you to recover can be devastating to your productivity and your business. Remember that tabletop exercises and simulations are a great way to practice your incident response plan and determine how ready your company is to handle situations like these.